Slow Loris Attack - Computerphile

a simple defense analyze the timing of the data.

if it is too slow for the capabilities of even the slowest connection say a 56k line then it comes back with "either upgrade to a faster connection or we will kick your connection and ban you for 10 minutes" or something like that or put a limit to the number of connections say 6

To come up to date a bit, this is one of the reasons why you find nginx on pretty much every front end of a load balancer these days 😆

Can we get the python script😢

Randomly ended up here and really enjoyed the demo.

It's funny how simple this is and how it still works lol

Is this Apache vulnerability still valid today? It is far more dangerous than normal DDoS.

can slowloris work on a public ip address?

does it still working in apache nowadays?

Really interesting

I love how excited he is about this DoS and explaining it. The explanation really helped with my studies for CEH! THanks!

I wonder... how many russian propganda media outlets are vulnerable to this attack?
Asking out of pure curiosity, of course... Timing of the question is purely coincidental...

So how would I know if my website is being slowloris-ed?

Dear subtitler: He's saying "Carriage," not "Caret"

ppl still use thread per client in 2022?

This reminds me of endleSSH, which is used to do prevent SSH cracking and wasting hacker’s time

I don't know how oversimplified is this video, but if someone is actually trying to be secure Idk how he could not think about this possibility

you wont let me live , you wont let me die

I thought this video was about Solaris and that the title and thumbnail were just a pun.

incredible lol

And that's why you raise your hand before you participate in activities, kids.

This issue should be fixed as more and more servers are using async code.

Can it be detected by looking into the simultaneous connection with the same IP?

This is an old video, but Mike's videos are lightning my interest on ethical hacking and penetration tests. What courses would you guys recommend? I work with it for more than 15 years now, i'm a System admin with extense knowledge on scripting.
Thank you!

Why would not the firewall realize that this is an attack? You have 200 connections from the same IP. My guess would be that has something to do with NAT?

My main booter has a slow loris method but it says I need a file path and in parentheses it says (/index.html) what dose that mean and how do I get that.

So this is just another example of proving that async is superiour to multithreaded on IO-bound operations?

This is fairly simple. But one major drawback - servers may catch up by looking at the IP adresses of each concurent connection and if it matches perfectly, they'll cut up all those connections. DDoS has the strength of multiple computers attacking the webserver and the webserver cannot deny each of that attack. Conventional DDoS attacks can be detected and pretty much mitigated by relaying your connection through multiple of caches or simply slowing the connection down a little bit to figure out what's going on. Slow Loris DDoS on the other hand would be kinda undetectable. What if 200 completely random people had painfully slow internet? One way to do this would have a botnet of 200 computers in it trying to access one single website. The other way would be route each connection through Tor (which essentially makes the Tor network your botnet).

I think, as computer nerds, we identify with Slow Loris. It's not out there busting down the door guns-blazing. It's using time and ingenuity to win by attrition.

I've got a question: Why isn't it designed in a way that only a full request can be sent/asked? Like only accept 'Get index.html' and not 'Ge' 't' 'i' 'n' etc.. I don't understand why it starts up a connection/thread when you haven't even asked a full question. Isn't it more simple to let this web-protocol thingy only handle full, finished questions?

British Peter Parker.

Also, what a neat concept!

And what makes this an original idea while it is alike to the DOS attack in a way? Additionally, many servers don't allow that bad connections and they also close the connection if the packet sent is too small.

great vid

who ever created this attack have a brilliance way of thinking XD

So like a Filibuster

I love this and the fact that he also loves it and tries to hide that he loves it makes it even better :D.

I just love his evil glee.

The smile on his face when he does the attack

Damn

That is just beautifully simple but genius 🔥💯😂

OmG.....give a medal to this guy

A get-around I can think of is not to statically allocate thread count, but to allocate based on server load

Finally I can hack Google

nah man, You just have REALLY REALLY REALLY slow 1gb internet

In spirit a lot like a layer 7 version of a tcp-syn attack. Hold the connection open indefinitely.

people with 0.008 mbps internet

i dont even have to try it dose it by it self

Can we get a code demo of this?

Trying to protect my web servers against all the things

So, how do you combat this?

But you are sending the CRLF at the end of the random number. I do not understand why

best explaination ............ I am blessed to watch a Channel like computerphile, david bombal etc

Who knew that learning how to hack would make you a computer coding genius